Web Security Dev Academy - 12-week online program
16h 37m 20s
English
Paid
Course description
Master the full scope of web security and learn to develop secure full-stack applications with reliable authorization, protection against vulnerabilities, and modern protocols such as OAuth and OIDC.
Read more about the course
What you will receive:
- A complete understanding of web application security models - from theory to practice
- Knowledge of typical vulnerabilities and methods to prevent them at industry standards level
- Skills in designing and implementing a secure role-based access model in a real full-stack application
- Understanding and ability to securely implement OAuth/OIDC flows for different scenarios
Who the course is suitable for:
- Full-stack developers looking to enhance their security skills
- Frontend developers concerned with client-side application security
- Backend developers striving for secure server logic architecture
- Application security engineers wanting a deeper understanding of practical implementation
- System administrators interested in security from a code perspective
Who the course is not suitable for:
- Those unfamiliar with JavaScript and HTML
- Beginners with no experience in web development
- Those looking for foundational IT or network security knowledge
- Developers focused on design and UX
You will learn to:
- Develop secure web applications, not blindly relying on frameworks
- See security as a comprehensive task, covering both frontend and backend
- Integrate security into the daily development process
- Apply practices that truly work in real-world conditions
Practical project:
You will secure a full-fledged personal expense tracking application consisting of modules: authorization, dashboard, expenses, settings, and admin panel. The key focus is on implementing a role-based access control (RBAC) model and incorporating modern security mechanisms on both client and server sides.
Main stack: Angular and Node.js with TypeScript, however, the first 5 modules of the course are technologically neutral, allowing you to adapt the knowledge to any stack.
Watch Online
Watch Online Web Security Dev Academy - 12-week online program
0:00
/ #1: Welcome lesson
All Course Lessons (129)
| # | Lesson Title | Duration | Access |
|---|---|---|---|
| 1 | Welcome lesson Demo | 01:34 | |
| 2 | Program structure and topics | 03:06 | |
| 3 | Training outcomes | 02:11 | |
| 4 | What you need | 02:03 | |
| 5 | Your first task | 01:13 | |
| 6 | Welcome lesson | 00:39 | |
| 7 | Same-origin policy | 06:29 | |
| 8 | Cross-origin resource sharing | 02:37 | |
| 9 | Same-origin policy [LABS] | 07:34 | |
| 10 | Cross-origin resource sharing [LABS] | 03:11 | |
| 11 | Content Security Policy | 07:11 | |
| 12 | Content Security Policy [LABS] | 22:54 | |
| 13 | Content Security Policy - Reporting [LABS] | 02:45 | |
| 14 | Subresource Integrity [LABS] | 03:16 | |
| 15 | Homework | 00:59 | |
| 16 | Welcome lesson | 00:33 | |
| 17 | Client-side security boundaries | 09:23 | |
| 18 | Server-side security | 09:13 | |
| 19 | HTTPS | 06:02 | |
| 20 | Sessions vs. Tokens | 17:21 | |
| 21 | When to use Sessions vs. JWT Tokens | 05:52 | |
| 22 | Homework | 02:08 | |
| 23 | Welcome lesson | 01:01 | |
| 24 | OWASP Top 10 | 20:22 | |
| 25 | Cross-site scripting | 11:17 | |
| 26 | Cross-site scripting [LABS] | 15:49 | |
| 27 | Cross-site request forgery | 10:15 | |
| 28 | Cross-site request forgery [LABS] | 18:44 | |
| 29 | JWT Hacking | 14:33 | |
| 30 | Other security vulnerabilities | 01:51 | |
| 31 | Welcome lesson | 00:19 | |
| 32 | Application overview | 10:59 | |
| 33 | Application presentation | 03:04 | |
| 34 | Application architecture | 10:09 | |
| 35 | Authentication vs. authorization | 07:23 | |
| 36 | Secured Angular part | 07:55 | |
| 37 | Secured API | 10:19 | |
| 38 | Node.js application setup | 03:37 | |
| 39 | Homework | 01:48 | |
| 40 | Welcome lesson | 01:00 | |
| 41 | Features overview | 13:54 | |
| 42 | Login feature [Angular] | 14:00 | |
| 43 | Login feature [Node] | 19:47 | |
| 44 | Sign up feature [Angular] | 05:23 | |
| 45 | Sign up feature [Node] | 15:01 | |
| 46 | Router Guards | 05:42 | |
| 47 | Http Interceptors | 08:09 | |
| 48 | Homework | 01:16 | |
| 49 | Welcome lesson | 00:33 | |
| 50 | XSS prevention | 11:01 | |
| 51 | CSRF prevention | 12:39 | |
| 52 | HttpOnly and Secure Cookies | 02:06 | |
| 53 | UserAuth object | 06:27 | |
| 54 | Conditional components visibility | 08:55 | |
| 55 | Homework | 01:00 | |
| 56 | Welcome lesson | 00:59 | |
| 57 | UserAuth object | 04:45 | |
| 58 | Server-side session | 03:11 | |
| 59 | Logging access and application events | 23:25 | |
| 60 | Throttling failed logins | 13:29 | |
| 61 | Input sanitization and validation | 12:25 | |
| 62 | Preventing calls without the proper role | 07:08 | |
| 63 | Preventing calls without the ownership | 03:23 | |
| 64 | Setting up CORS | 02:42 | |
| 65 | Homework | 01:35 | |
| 66 | Welcome lesson | 01:06 | |
| 67 | Adding a new user to account [Angular] | 16:13 | |
| 68 | Adding a new user to account [Node] | 13:06 | |
| 69 | Confirming a new user for account [Angular] | 05:00 | |
| 70 | Confirming a new user for account [Node] | 01:41 | |
| 71 | Password recovery | 11:49 | |
| 72 | Managing active sessions | 13:40 | |
| 73 | Welcome lesson | 02:06 | |
| 74 | Introduction to OAuth 2.0 | 09:59 | |
| 75 | Different client types and suitable OAuth flows | 18:51 | |
| 76 | Security measures in OAuth | 09:43 | |
| 77 | PKCE | 08:52 | |
| 78 | OpenID Connect | 11:48 | |
| 79 | Id Token with Implicit flow | 03:40 | |
| 80 | Id Token with Implicit flow [CODE] | 09:54 | |
| 81 | Authorization Code flow [CODE] | 25:33 | |
| 82 | OAuth/OIDC Homework | 03:38 | |
| 83 | Multi-factor authentication introduction | 12:07 | |
| 84 | Two-factor authentication demo | 02:51 | |
| 85 | Requesting OTP [Angular] | 09:46 | |
| 86 | Validating OTP [Node] | 08:36 | |
| 87 | 2FA settings [Angular] | 05:19 | |
| 88 | 2FA settings [Node] | 04:14 | |
| 89 | External user management introduction | 18:23 | |
| 90 | Budget and Auth0 integration presentation | 01:59 | |
| 91 | Auth0 integration [Angular] | 03:08 | |
| 92 | Auth0 integration [Node] | 13:59 | |
| 93 | Homework | 00:54 | |
| 94 | Intro | 01:19 | |
| 95 | Getting started | 05:10 | |
| 96 | Basic match | 03:20 | |
| 97 | Basic allow | 02:17 | |
| 98 | Basic conditions | 03:33 | |
| 99 | Common examples | 05:31 | |
| 100 | Functions | 04:30 | |
| 101 | Read other documents | 03:58 | |
| 102 | Chat example | 04:49 | |
| 103 | Role-based auth example | 05:44 | |
| 104 | Security testing introduction | 02:49 | |
| 105 | Setting up mock Firestore | 04:01 | |
| 106 | Unit testing with mock data | 03:59 | |
| 107 | Debugging security rules | 02:05 | |
| 108 | Welcome lesson | 03:05 | |
| 109 | Personal data introduction | 21:21 | |
| 110 | Privacy Policy | 21:38 | |
| 111 | Terms and Conditions | 02:52 | |
| 112 | GDPR and regulations in the World | 13:55 | |
| 113 | Cookies | 15:10 | |
| 114 | Summary | 05:43 | |
| 115 | Introduction | 02:53 | |
| 116 | Same-origin Policy | 02:02 | |
| 117 | User authentication | 03:35 | |
| 118 | Origin spoofing | 01:40 | |
| 119 | Input validation | 03:22 | |
| 120 | TCP tunneling | 04:19 | |
| 121 | Denial of Service (DoS) | 02:10 | |
| 122 | WSS Encryption | 00:59 | |
| 123 | Simple WebSocket demo [LABS] | 05:03 | |
| 124 | Content Security Policy [LABS] | 02:25 | |
| 125 | Authentication [LABS] | 08:55 | |
| 126 | Cross-site WebSocket hijacking [LABS] | 02:23 | |
| 127 | Goodbye and kind request | 01:41 | |
| 128 | LIVE: Module 3 @ 20/06/2024 | 36:24 | |
| 129 | Secure Serverless Devlopment @ Marek Sottl | 01:07:11 |
Unlock unlimited learning
Get instant access to all 128 lessons in this course, plus thousands of other premium courses. One subscription, unlimited knowledge.
Learn more about subscriptionComments
0 commentsWant to join the conversation?
Sign in to commentSimilar courses
The Complete 2023 Web Development Bootcamp
Sources: udemy
Welcome to the Complete Web Development Bootcamp, the only course you need to learn to code and become a full-stack web developer. With over 12,000 ratings and a 4.8 average, my...
62 hours 32 minutes 23 seconds
Frontend System Design
Sources: LearnersBucket | Prashant Yadav
Become the Alpha frontend engineer by designing 30+ distinct web applications and all the fundamentals. Learn the advanced concepts, strategies, techniques, and
Web Components Demystified
Sources: Scott Jehl
If you are like me, then you have probably been hearing a lot about web components lately. Many of us are looking for ways to integrate web components into...
7 hours 51 minutes 36 seconds
Next JS & Typescript with Shopify Integration - Full Guide
Sources: udemy
You will build an e-commerce application from scratch. You will learn how to write code in Typescript language, a superset of Javascript providing additional features, and a sta...
27 hours 55 minutes 27 seconds